2.1 Introduction
Cyberspace is described as the ‘environment formed by physical and nonphysical components characterized by the use of computers and the electromagnetic spectrum to store, modify and exchange data using computer networks’ (Boothby 2014: 123). Cyberspace is a global digital network that is embedded in every aspect of our daily life. It encompasses not only the Internet, but also the critical infrastructure that supports modern societies, like the electrical grids, water supply systems, banking transactions and transportation systems. In the US and the EU, almost 90% of critical computer infrastructures are operated by the private sector (Dunn Cavelty 2010: 160). Over the past two decades, cyberspace has become a new domain for human interaction and the communication and information exchange that it provides has virtually reduced the size of the world. Almost one third of the world’s population has access to the Internet, thereby making it an important component of the transition and diffusion of power (Ebert and Mauer 2013). Cyberspace is not immune to insecurity, crime and competition. Cases of cyberespionage, data losses, compromised networks and cyber-doom scenarios fill the headlines on a daily basis. States, international organizations, private companies and human rights activists are struggling to regulate a wide range of activities that take place in cyberspace and at the same time balance between critical infrastructure protection, civil liberties, technical standards and cost.
Cyberspace poses a great challenge to the traditional idea of global governance that is mainly state-centric. Due to its asymmetrical, anonymous and dual-use features, cyberspace challenges traditional understanding of key concepts like security, borders, human rights, privacy and sovereignty (Emerson 2016; Liaropoulos 2016, 2015; Slack 2016). The reason is that the socio-political and
A.N. Liaropoulos (*)
Department of International and European Studies, University of Piraeus, Piraeus, Greece e-mail: [email protected]
# Springer International Publishing AG 2017 25
G.C. Bitros, N.C. Kyriazis (eds.), Democracy and an Open-Economy World Order,
DOI 10.1007/978-3-319-52168-8_2
technological characteristics of this new domain are constantly being redefined (Choucri 2012: 4).1 The rapid pace of technological change and the way societies respond in the digital realm is affecting the interests of state and non-state actors in cyberspace. Advances in the field of information technology, like the Internet of Things (Weber 2013),2 Big Data (Cukier and Mayer-Schoenberger 2013)3 and the Dark Web (Chertoff and Simon 2015),4 have surpassed the ability of states and international organizations to offer efficient governance. States lack the necessary human capital and technical resources to provide cyber security to its citizens. The public-private sector relationship in cyberspace resembles a paradox. On the one hand, governments cannot act as a security provider and protect the private sector from all cyber threats. On the other hand, the private sector is asked to assist the government in cyber security matters, by conducting censorship and surveillance.
This paper aims to highlight the challenges regarding cyberspace governance. The first part analyses the idea of cyberspace governance in relation to state sovereignty. The cases of distributed governance, multilateral governance and multi-stakeholderism vividly demonstrate the challenges that states face when they regulate the use of cyberspace within their borders. The second part searches for empirical evidence on cyberspace governance, in the cases of the International Telecommunication Union (ITU), the Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Governance Forum (IGF) and the Global Multistakeholder Meeting on the Future of Internet Governance (NETmundial). The final part, stresses the great power antagonism that is taking place in cyberspace and the power asymmetries between the West and the Global South.
2.2 Cyberspace Governance and State Sovereignty
The concept of governance refers to the governmental institutions and informal regulatory mechanisms that guide and restrain the collective activities of a society. Governance illustrates a system of governing methods where the boundaries of public and private sectors are unclear. Governance has a wider meaning than government. The latter is an executive apparatus that can exist in the presence of widespread opposition to its policies, whereas the former requires acceptance by the majority of those it affects. The term governance is a rather fuzzy term that has been used in a variety of ways in the international relations literature. Global governance does not refer to the creation of a global government, but to the cooperative efforts of states, international organizations and non-state actors to address common challenges that transcend national borders (Patrick 2014: 59). Global governance can be understood as an illustration of governance in the absence of government (Finkelstein 1995).
In brief, the main arguments in the literature on global governance are the following (Nye and Donahue 2010; Rosenau 1995; Rosenau and Czempiel 1992). First, that there is a shift to regulation from the national level, to levels beyond the state. Second, that world politics is more than just intergovernmental politics and that the areas of authority beyond the state have increased. Finally, that rules beyond the state are legitimate, if the representatives of affected interests have agreed upon them in a decision-making process that meets reasonable standards of inclusiveness, transparency and accountability (Dingwerth 2008). Global governance is not conducted exclusively by governments and international organizations, but also by the private sector and non-governmental organizations (NGOs). As a result, states are not replaced as the primary instrument of global governance, but rather supplemented by other actors (Nye and Donahue 2010: 12).
When approaching cyberspace governance, we should consider several issues (Cornish 2015; Deibert 2013; DeNardis 2014; Jayawardane et al. 2015; Nye 2014; Weitzenboeck 2014; West 2014). Should cyberspace be governed at the first place? Who should be involved in governance? How should cyberspace be governed? Is hybrid governance that involves public-private partnerships applicable in cyberspace?4 How can states exercise their sovereignty in cyberspace?
The above issues can be categorized in three main approaches: distributed governance, multilateral governance and multi-stakeholderism (West 2014: 4). In the early days of Internet development, governance could be described as a distributed system. Governance was limited, unorganized and restricted within online communities, who asserted that information had to be free, and not controlled (Deibert and Crete-Nishihata 2012: 341–342). This approach reflected an era where online communities where small, homogeneous and able to regulate themselves. In 1996, John Perry Barlow, the founder of the Electronic Frontier Foundation (EFF)5 stated in The Declaration of the Independence of Cyberspace that ‘Governments are not welcome among us...Cyberspace does not lie within your borders...We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours’ (Barlow 1996). In the 1990s, Internet had less than a million users and was in a primitive phase of development. Nowadays, the Internet users are counted in billions and cyberspace has become an integral part of modern societies (Betz and Stevens 2011: 15). Cyberspace has matured to the world’s most important infrastructure and it has reached an evolutionary phase where regulations are needed. The distributed governance model, although still popular in some online communities, cannot provide efficient policy solutions that are acceptable to the large and diverse community of cyberspace users.
The argument that state sovereignty should have a limited role in cyberspace has also been embraced, by those who view cyberspace as a global commons. In sharp contrast to land, sea, air and space, cyberspace is a human-made domain that lacks physical space and thereby borders. Cyberspace comprises a global common infrastructure, but is not a global commons (Cornish 2015: 158). Cyberspace seems borderless, but is actually bounded by the physical infrastructures that facilitate the transfer of data and information. Such infrastructures are mostly owned by the private sector and are located in the sovereign territory of states. There is no doubt that states are trying to overcome the so-called border paradox and develop virtual borders (Demchak and Dombrowski 2011). James Lewis eloquently described cyberspace as a condominium, with many owners (2010: 16). Paul Cornish labels cyberspace as a virtual commons that is neither private property, nor sovereign territory, nor global commons in the same way that sea and the air are considered to be (2015: 158–159).
The issue of state sovereignty is of central importance to the advocates of the multilateral governance. The multilateral approach views cyberspace in Hobbesian terms. Supporters of this state-centric approach understand cyberspace as a chaotic domain that reinforces insecurity and therefore argue that states should be the ones to formulate policy in cyberspace. This approach calls for the creation of a body within the United Nations (UN), that will be responsible for cyberspace governance, but at the same time states will have the power to set their own national policies. The multilateral model has traditionally been supported by Russia, China, India, Iran and Saudi Arabia. In the aftermath of the Edward Snowden disclosure, multilateral governance has gained momentum even among some EU member states that seek to protect their cyber-borders and data from the surveillance systems of the US (West 2014: 7). National governments view the privacy policies adopted by transnational companies like Google, Facebook and Twitter as a threat to digital sovereignty and thereby national security (Nocetti 2015: 114). It has been argued that in an era of great power antagonism, the exercise of state sovereignty in order to secure national digital assets and critical infrastructure, could lead to the fragmentation—Balkanization of cyberspace. Cornish questions whether fragmentation is actually a negative development and should be considered a threat to cyberspace or rather a credible alternative to it (2015: 159). States have the choice to break off from the current Internet and form their own regional or national Intranets. States are examining the option of creating ‘national cyberspaces’, building trans-oceanic cables and store Internet data on servers within their national territories. Ensuring the protection and integrity of data is of critical importance. Nevertheless, we have to consider the utility of data localization. Storing data on national territories, does not necessary make them invisible to foreign hackers. It is not geography, but mainly technology and encryption that define security in the digital world.
For the advocates of the multilateral approach, Internet governance should respect the Westphalian notion of sovereignty and therefore should resemble the case of the International Telecommunication Union.6 The protection of digital sovereignty and information security are the main priorities for states that embrace the multilateral governance model. Another example that fits to a certain extent with the multilateral model is the Shanghai Cooperation Organization (SCO). Russia, China, India, Iran and other Central Asian states have been coordinating their Internet security policies through the SCO and conducting cyber-exercises designed to counter Internet-enabled political uprisings.7 SCO is an example of low-level multilateral cooperation between states that prefer a tightly controlled Internet (Deibert 2015: 13).
In sharp contrast to the above, the multi-stakeholder governance model involves state and non-state actors that represent the business sector and civil society. The rationale is that governments alone cannot regulate cyberspace successfully. Therefore, other actors like technical corporations, search engines, internet users and civil organizations should also be involved in the governance of Internet. Microsoft, Apple, Google, Yahoo, Weibo, Skype, Dropbox, Amazon, Twitter, Facebook and Badoo are only some of the numerous companies, technical providers and search engines that collect and store data. The advocates of the multi-stakeholder governance model argue that cyberspace norms will be accepted by internet users, only if they are part of designing them. This will enhance legitimacy and authority of institutions, organizations and companies in cyberspace (Mihr 2014). Supported by the US, UK, Canada, Australia and organizations like Google and ICANN, the multi-stakeholder model has been quite popular in the pre-Snowden era. In the aftermath of the Snowden disclosure the legitimacy and credibility of this approach has been considerably weakened (Deibert 2015: 13).
2.3 The Uses and Limits of Multilateral Governance and MultiStakeholderism
This section will apply the multilateral governance and multi-stakeholderism in ITU, ICANN, IGF and NETmundial, which are considered as some of the most representative global governance fora. Each case will provide us with different insight on the uses and limits of multilateral governance and multi-stakeholderism.
Although multi-stakeholderism is considered nowadays the mainstream approach in Internet governance, it was only in 2002 that the United Nations General Assembly (UNGA) identified the role of other participants, apart from states, in safeguarding cyberspace. In particular, the UNGA Resolution 57/239 of 2002 made reference to ‘governments, businesses, other organizations and individual users who develop, own, provide, manage, service and use information systems and networks’. According to the resolution, the participants ‘must assume responsibility for and take steps to enhance the security of these information technologies, in a manner appropriate to their roles’ (Kremer and Müller 2014: 15). The term ‘stakeholders’ first appeared in the UNGA Resolution 58/199 of 2003. In 2010, the Report A/65/201 of the UN Governmental Group of Experts (GGE), stressed the importance of ‘Collaboration among states, and between states, the private sector and civil society’, thereby recognizing an equal role for civil society in the governance of cyberspace (Kremer and Müller 2014: 15).
Multi-stakeholderism advocates the inclusive participation of all relevant actors that deal with cyberspace governance. These actors include not only states, but also a variety of non-state actors, like civil society groups, representatives of the private sector, media and other actors that regulate communication in cyberspace. The advantage of the multi-stakeholder approach is that all relevant actors can participate and be heard on an equal basis (Mihr 2014: 28). Inclusiveness and representativeness are the core principles of this approach. In an ideal scenario, the stakeholders do not only produce norms and set their own standards, but also define possible repercussions or penalties for non-compliance (Mihr 2014: 28). Multistakeholderism should not be understood as an end in itself, but rather as a process to reach effective governance. Multi-stakeholderism cannot and does not aim to replace states. Besides, stakeholders do not all participate in the same way and to the same extent in the governance of cyberspace. For example, civil society actors, private sector organizations and global think tanks might play a leading role in shaping and institutionalizing norms of behavior in cyberspace, but it is only states that can enforce regulations (Jayawardane et al. 2015: 4–5).
The case of the ITU is a perfect example not only of the challenges that Internet governance is facing, but also of the battle between multilateral governance and multi-stakeholderism. The ITU is a UN body responsible for international telecommunications and is regarded, especially by the least developed countries, as the most appropriate forum for the governance of Internet (Jayawardane et al. 2015: 6). Even though the ITU lists 700 private sector entities among its membership, it is not considered a good example of multi-stakeholderism. The reason is that only the 193 member-states that participate and vote in the Plenipotentiary Conference, can decide on the future policies of the organization. The ITU is therefore, a multilateral organization, where only states can formulate policy (Glen 2014: 637). The limited participation of civil society organizations in the ITU and the attempt during the World Conference on International Telecommunications (WCIT) in December 2012 to transfer responsibility for Internet governance from bodies such as ICANN to the ITU, represent a major challenge to multi-stakeholderism (Glen 2014: 651). Over the past years, states attempt to territorialize cyberspace and replace multi-stakeholderism with a centralized and multilateral model (Glen 2014). This trend gained further momentum after the revelations by Edward Snowden regarding the cyber surveillance programs conducted by the National Security Agency (NSA).
When the Internet expanded globally in 1997, the US government created ICANN.8 It was set up as a private non-profit organization under California law, but is global in reach since it is responsible for the Internet Assigned Numbers Authority (IANA) functions, mainly Internet Protocol (IP) space allocations, the Domain Name System (DNS) management and root server system management. ICANN is an institution, which not only operates the technical infrastructure of Internet, but also produces policies that relate to national sovereignty issues (Bajaj 2014: 583). The US government is in a position to influence ICANN through the IANA functions contract between the National Telecommunications and Information Administration (NTIA) and ICANN (Kruger 2015; Jayawardane et al. 2015: 6). The paradox here is that although the US is a strong supporter of multistakeholderism and opposes an increasing role of governments in governing cyberspace, at the same time, Washington maintained for nearly two decades its authority over Internet via the IANA contract (Kruger 2015: 17). Even prior to Edward Snowden’s disclosures about the NSA’s surveillance programs, many states were critical of the control that the US exerted over ICANN.
In March 2014, the NTIA announced the intention to transition its stewardship role and procedural authority over key Internet domain name functions to the global Internet multi-stakeholder community. In October 2016, the US relinquished its control over ICANN, in order to avoid the fragmentation of the Internet. Supporters of this transition argue that such a development will eventually lead to the democratization of global internet governance and strengthen the multi-stakeholder governance. On the other hand, it is still unclear who will replace the US in terms of control. Will ICANN become more accountable or will other states take advantage of Snowden’s revelations and impose a more intergovernmental form of governance? (Kruger 2015: 17–18).
The IGF,9 functions under the aegis of the UN. It was created in 2006 by the World Summit of the Information Society (WSIS) and it aims to bring together various stakeholders in discussions on public policy issues relating to the Internet. The IGF serves as a grassroots discussion forum, where all participants can address the international community; identify emerging issues regarding the management of the Internet and shape decisions that will be taken in other forums. The IGF is an open forum that allows developing countries the opportunity to engage in the debate on Internet governance. The obvious disadvantage of the IGF is that it lacks a decision making mandate and the authority to establish policies and regulations. The IGF is therefore useful as a flexible forum for discussions and norms development, but it is questionable whether it has the power to influence the policy making process (Jayawardane et al. 2015: 7).
The NETmundial10 is another example of multi-stakeholderism that endorses a bottom-up approach regarding Internet governance. In light of the Snowden revelations, the Brazilian government initiated the NETmundial meeting in April 2014. It brought together hundreds of stakeholders from almost 100 countries. The stakeholders represented governments, the private sector, civil society and the academic community (Jayawardane et al. 2015: 7). The NETmundial Multistakeholder statement embraced democratic multistakeholder processes and net neutrality, but failed to reach a complete consensus. Russia and India opposed the NETmundial statement and China and South Africa did not react enthusiastically (Kurbalija 2014: 183).
2.4 Great Power Politics and the Struggle Over Cyberspace
Cyberspace is not immune to politics. The popular belief that cyberspace can be a libertarian utopia, seems utterly unrealistic in the era of IoT and Big Data. Cyberspace is not the apolitical zone of non-state actors. On the contrary, it is a domain where states seek to exercise their sovereignty. As a result cyberspace governance resembles a power politics game.The case oftheITU and to a lesser extentthe recentexample of the SCO, colorfully demonstrate that state sovereignty in cyberspace is not only expected, but in some cases it is regarded as the only suitable source of authority (Cornish 2015: 160). The issue at stake is not whether states assert sovereignty in cyberspace, but how not to assert sovereignty over cyberspace (Slack 2016: 74).
Another point to consider is the future demographic trends in cyberspace. In the past cyberspace was western-dominated, but that will not be the case in the near future. Based on the current internet user statistics and key demographic trends, the non-western world is underrepresented in the field of cyberspace governance (Demidov 2014). Nowadays, only 30% of world population has access to Internet. The next billions of cyberspace users will originate from the Global South (Deibert 2013: 9). Many of these states embrace a Westphalian understanding of state that traditionally favors the multilateral governance model. These states recognize the financial benefits of an open Internet, but at the same time fear its disruptive power and the cyber security risks.
On the other hand, the analysis of multi-stakeholderism, revealed its shortcomings. There are legitimate concerns regarding the unbalanced representation of civil society groups and private companies, the role they might serve and their ability to actually influence decision making (Dilipraj 2014: 4; West 2014: 9). Multi-stakeholderism does not always lead to a wider range of views or to a more global representation of interests (Pohle 2015). This is not to devalue the role of multi-stakeholderism, but to place this approach into a pragmatic context. After all, the need to create networks of experts, governmental and non-governmental, technical and policy-oriented, should not be underestimated (Slack 2016: 73).
The present state of cyberspace governance commands us to be realistic. While the demand for governance is great, the prospect of an overarching cyber-treaty does not seem feasible. The recent evidence from cyberspace governance seems to confirm Patrick’s approach on minilateralism. He argues that effective methods of governance occur less in formal institutions and more on regional organizations among like-minded states (2014). The argument is that since no UN treaty could regulate the whole range of cyber-related issues (cyberwar, cybercrime, protection of civil rights, etc.), a more practical approach would be to focus on certain aspects, whether that is the cyber arms race or the protection of intellectual property rights, and develop for each issue norms of behavior and confidence building measures, across a variety of fora. This approach, labeled as global governance in pieces, could serve cyberspace in the present transitional phase (Patrich 2014).
2.5 Conclusion
Cyberspace has become severely contested. The challenge is not only the traditional power politics game between states, but also the loss of power within states. States compete with each other in their attempt to create norms and institutions that will shape the future of governance, but at the same time, they have to fill in the sovereignty gap and compete with the private sector. As a result, cyberspace governance is still under construction. Establishing a social contract for cyberspace, that would involve governments, companies and civil society actors, seems unrealistic for the near future. The available institutions and the existing body of international law provide adequate tools to regulate a wide range of state activities in cyberspace. Cyberspace lacks a single forum or international organization that is responsible for regulating its activities. Thus, governance is spread throughout technical standard setting fora, private sector organizations, civil society groups, states and international organizations. Governance ranges from developing norms and codes of conduct, to signing regional treaties and imposing regulations. The future of cyberspace governance lies in balancing between great power competition and power asymmetries both between and within states.
1 According to Professor Nazli Choucri, cyberspace is characterized by: temporality (replaces conventional temporality with near instantaneity), physicality (transcends constraints of geography and physical location), permeation (penetrates boundaries and jurisdictions), fluidity (manifests sustained shifts and reconfigurations), participation (reduces barriers to activism and political expression), attribution (obscures identities of actors and links to action) and accountability (bypasses mechanisms of responsibility).
2 The Internet of Things (IoT) is a concept that aims to connect various devices or objects—things through wireless and wired connections and create an environment where users can interact at any time with the digital and the physical world. The IoT is mobile, virtual, built on cloud computing and networks of data gathering sensors and is growing rapidly. Mobile applications and sensors are now operating in cars, refrigerators, machinery, medical technology and smart phones.
3 Big Data is a term that refers to large and complex sets of data, both structured and unstructured, that surpasses the ability of typical database software tools to capture, store, manage and analyze. The challenges that Big Data poses, relate to the ‘3Vs’ characteristics: volume, variety and velocity. 4
Dark Web is a part of Internet that is intentionally hidden; it is not indexed by search engines and is inaccessible through standard web browsers. An example of Dark Web is the Tor network that offers its users anonymity by encrypting data and sending them through other routers.
4 Hybrid refers to the combination of two different elements. As Weitzenboeck points out, it does not differentiate between either/or, but combines both-and. In the case of cyberspace governance, hybrid governance would involve both the public and the private sector. It is worth asking whether cyberspace governance could be approached as a case of hybrid governance, where different methods of governance—that surpass the boundaries between the public and the private, the national and the international—could regulate specific areas of cyberspace.
5 For more details see https://www.eff.org/
6 For more details see http://www.itu.int/en/Pages/default.aspx
7 In 2011 China, Russia, Tajikistan and Uzbekistan first circulated an International Code of Conduct on Information Security for the consideration of UN member-states. The United States and other western states dismissed the code, with the argument that it would lead to state’s control of Internet and online content. In 2015 China, Russia, Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan, have jointly submitted an update of their International Code of Conduct on Information Security to the UN Secretary General, stressing once more the need for new international law for cyberspace.
8 For more details see https://www.icann.org/
9 For more details see http://www.intgovforum.org/
10 For more details see http://netmundial.br/